1
0
mirror of https://github.com/MariaDB/server.git synced 2025-08-29 00:08:14 +03:00
Files
mariadb/sql
Tor Didriksen a6145f4b62 Bug#12563865 ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
Buffer over-run on all platforms, crash on windows, wrong result on other platforms,
when rounding numbers which start with 999999999 and have
precision = 9 or 18 or 27 or 36 ...


mysql-test/r/type_newdecimal.result:
  New test cases.
mysql-test/t/type_newdecimal.test:
  New test cases.
sql/my_decimal.h:
  Add sanity checking code, to catch buffer over/under-run.
strings/decimal.c:
  The original initialization of intg1 (add 1 if buf[0] == DIG_MAX)
  will set p1 to point outside the buffer, and the loop to copy the original value
      while (buf0 < p0)
        *(--p1) = *(--p0);
  will overwrite memory outside the my_decimal object.
2011-10-14 10:09:53 +02:00
..
2011-06-30 17:31:31 +02:00
2010-12-28 19:57:23 +01:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2008-07-14 16:16:37 -04:00
2011-06-30 17:31:31 +02:00
2008-07-10 14:47:53 -04:00
2007-11-05 20:18:22 +01:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2008-07-10 14:50:07 -04:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2008-01-23 13:26:41 -07:00
2011-06-30 17:31:31 +02:00
2011-06-30 21:27:04 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-07-06 11:36:39 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2007-07-01 15:33:28 -07:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-10-06 11:23:46 +01:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00
2011-06-30 17:31:31 +02:00